Michael A. Puls II discovered an unspecified flaw when launchingexternal email or newsgroup clients (CVE-2007-5541). David Bloomdiscovered that when displaying frames from different websites, thesame-origin policy is not correctly enforced (CVE-2007-5540).

Impact======

An attacker could potentially exploit the first vulnerability toexecute arbitrary code with the privileges of the user running Opera byenticing a user to visit a specially crafted URL. Note that thisvulnerability requires an external e-mail or newsgroup clientconfigured in Opera to be exploitable. The second vulnerability allowsan attacker to execute arbitrary script code in a user's browsersession in context of other sites or the theft of browser credentials.

Workaround==========

There is no known workaround at this time for all thesevulnerabilities.

This GLSA and any updates to it are available for viewing atthe Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200710-31.xml

Concerns?=========

Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttp://bugs.gentoo.org.